Office of Public Affairs Justice Department Announces Actions to Combat Two Russian StateSponsored Cyber Criminal Hacking Groups United States Department of Justice
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppThe Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova 33 also known as Vika Tory and SovaSonya for her role in conducting cyberattacks and computer intrusions against critical infrastructure and other victims around the world in support of Russias geopolitical interests Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussiaReborn CARR Today Dubranova was arraigned on a second indictment charging her for her actions supporting NoName05716 NoName Dubranova pleaded not guilty in both cases and is scheduled to begin trial in the NoName matter on Feb 3 2026 and in the CARR matter on April 7 2026ppAs described in the indictments the Russian government backed CARR and NoName by providing among other things financial support CARR used this financial support to access various cybercriminal services including subscriptions to distributed denial of serviceforhire services NoName was a statesanctioned project administered in part by an information technology organization established by order of the President of Russia in October 2018 that developed along with other coconspirators NoNames proprietary distributed denial of service DDoS programppTodays actions demonstrate the Departments commitment to disrupting malicious Russian cyber activity whether conducted directly by state actors or their criminal proxies aimed at furthering Russias geopolitical interests said Assistant Attorney General for National Security John A Eisenberg We remain steadfast in defending essential services including food and water systems Americans rely on each day and holding accountable those who seek to undermine themppPolitically motivated hacktivist groups whether statesponsored like CARR or statesanctioned like NoName pose a serious threat to our national security particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and US interests abroad said First Assistant US Attorney Bill Essayli for the Central District of California The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interestsppWhen proRussia hacktivist groups target our infrastructure the FBI will use all available tools to expose their activity and hold them accountable said Assistant Director Brett Leatherman of the FBI Cyber Division Todays announcement demonstrates the FBIs commitment to disrupt Russian statesponsored cyber threats including reckless criminal groups supported by the GRU The FBI doesnt just track cyber adversaries we work with global partners to bring them to justiceppThe defendants illegal actions to tamper with the nations public water systems put communities and the nations drinking water resources at risk said EPA Acting Assistant Administrator Craig Pritzlaff These criminal charges serve as an unequivocal warning to malicious cyber actors in the US and abroad EPAs Criminal Investigation Division and our law enforcement partners will not tolerate threats to our nations water infrastructure and will pursue justice against those who endanger the American public EPA is unwavering in its commitment to clean safe water for all AmericansppCyber Army of Russia RebornppAccording to the indictment CARR also known as ZPentest was founded funded and directed by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation GRU CARR claimed credit for hundreds of cyberattacks against victims worldwide including attacks against critical infrastructure in the United States in support of Russias geopolitical interests CARR regularly posted on Telegram claiming credit for its attacks and published photos and videos depicting its attacks CARR primarily hacked industrial control facilities and conducted DDoS attacks CARRs victims included public drinking water systems across several states in the US resulting in damage to controls and the spilling of hundreds of thousands of gallons of drinking water CARR also attacked a meat processing facility in Los Angeles in November 2024 spoiling thousands of pounds of meat and triggering an ammonia leak in the facility CARR has attacked US election infrastructure during US elections and websites for US nuclear regulatory entities among other sensitive targetsppAn individual operating as Cyber1ceKiller a moniker associated with at least one GRU officer instructed CARR leadership on what kinds of victims CARR should target and his organization financed CARRs access to various cybercriminal services including subscriptions to DDoSforhire services At times CARR had more than 100 members including juveniles and more than 75000 followers on TelegramppThe CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems one count of damaging protected computers one count of access device fraud and one count of aggravated identity theft If convicted of these charges Dubranova would face a statutory maximum penalty of 27 years in federal prisonppNoName05716ppNoName was covert project whose membership included multiple employees of The Center for the Study and Network Monitoring of the Youth Environment CISM among other cyber actors CISM was an information technology organization established by order of the President of Russia in October 2018 that purported to among other things monitor the safety of the internet for Russian youthppAccording to the indictment NoName claimed credit for hundreds of cyberattacks against victims worldwide in support of Russias geopolitical interests NoName regularly posted on Telegram claiming credit for its attacks and published proof of victim websites being taken offline The group primarily conducted DDoS cyberattacks using their own proprietary DDoS tool DDoSia which relied on network infrastructure around the world created by employees of CISMppNoNames victims included government agencies financial institutions and critical infrastructure such as public railways and ports NoName recruited volunteers from around the world to download DDoSia and used their computers to launch DDoS attacks on the victims that NoName leaders selected NoName also published a daily leaderboard of volunteers who launched the most DDoS attacks on its Telegram channel and paid topranking volunteers in cryptocurrency for their attacksppThe NoName indictment charges Dubranova with one count of conspiracy to damage protected computers If convicted of this charge Dubranova would face a statutory maximum penalty of five years in federal prisonppppConcurrent with todays actions the US Department of State has offered potential rewards for up to 2 million for information on individuals associated with CARR and up to 10 million for information on individuals associated with NoName Additionally today the FBI CISA NSA DOE EPA and DC3 issued a Joint Cybersecurity Advisory assessing that proRussia hacktivist groups like CARR and NoName target minimally secured internetfacing virtual network computing connections to infiltrate or gain access to operational technology control devices within critical infrastructure systems to execute attacks against critical infrastructure resulting in varying degrees of impact including physical damageppOn July 19 2024 US Department of Treasurys Office of Foreign Assets Control OFAC announced sanctions targeting two CARR members Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for their roles in cyber operations against US critical infrastructure These two individuals were the groups leader and a primary hacker respectivelyppThe FBI Los Angeles Field Office investigated the CARR and NoName cases as part of FBIs Operation Red Circus an ongoing operation to disrupt Russian statesponsored cyberthreats to US critical infrastructure and interests abroadppAssistant US Attorneys Angela Makabali and Alexander Gorin for the Central District of California and Trial Attorney Greg Nicosia of the National Security Divisions National Security Cyber Section are prosecuting these cases Assistant US Attorney James E Dochterman for the Central District of California is handling the forfeiture cases The Justice Departments Office of International Affairs provided significant assistance for both investigationsppAn indictment is merely an allegation All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of lawppFour members of an anticapitalist and antigovernment group that calls for violence against US officials have been arrested for allegedly plotting to attack two US companies with improvised explosive devicesppTwo businessmen are now in custody for allegedly violating US export control and smuggling lawsppMinh Phuong Ngoc Vong 40 of Bowie Maryland was sentenced today to 15 months in prison followed by three years of supervised release for his role in a fraudulent schemeppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppThe Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova 33 also known as Vika Tory and SovaSonya for her role in conducting cyberattacks and computer intrusions against critical infrastructure and other victims around the world in support of Russias geopolitical interests Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussiaReborn CARR Today Dubranova was arraigned on a second indictment charging her for her actions supporting NoName05716 NoName Dubranova pleaded not guilty in both cases and is scheduled to begin trial in the NoName matter on Feb 3 2026 and in the CARR matter on April 7 2026ppAs described in the indictments the Russian government backed CARR and NoName by providing among other things financial support CARR used this financial support to access various cybercriminal services including subscriptions to distributed denial of serviceforhire services NoName was a statesanctioned project administered in part by an information technology organization established by order of the President of Russia in October 2018 that developed along with other coconspirators NoNames proprietary distributed denial of service DDoS programppTodays actions demonstrate the Departments commitment to disrupting malicious Russian cyber activity whether conducted directly by state actors or their criminal proxies aimed at furthering Russias geopolitical interests said Assistant Attorney General for National Security John A Eisenberg We remain steadfast in defending essential services including food and water systems Americans rely on each day and holding accountable those who seek to undermine themppPolitically motivated hacktivist groups whether statesponsored like CARR or statesanctioned like NoName pose a serious threat to our national security particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and US interests abroad said First Assistant US Attorney Bill Essayli for the Central District of California The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interestsppWhen proRussia hacktivist groups target our infrastructure the FBI will use all available tools to expose their activity and hold them accountable said Assistant Director Brett Leatherman of the FBI Cyber Division Todays announcement demonstrates the FBIs commitment to disrupt Russian statesponsored cyber threats including reckless criminal groups supported by the GRU The FBI doesnt just track cyber adversaries we work with global partners to bring them to justiceppThe defendants illegal actions to tamper with the nations public water systems put communities and the nations drinking water resources at risk said EPA Acting Assistant Administrator Craig Pritzlaff These criminal charges serve as an unequivocal warning to malicious cyber actors in the US and abroad EPAs Criminal Investigation Division and our law enforcement partners will not tolerate threats to our nations water infrastructure and will pursue justice against those who endanger the American public EPA is unwavering in its commitment to clean safe water for all AmericansppCyber Army of Russia RebornppAccording to the indictment CARR also known as ZPentest was founded funded and directed by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation GRU CARR claimed credit for hundreds of cyberattacks against victims worldwide including attacks against critical infrastructure in the United States in support of Russias geopolitical interests CARR regularly posted on Telegram claiming credit for its attacks and published photos and videos depicting its attacks CARR primarily hacked industrial control facilities and conducted DDoS attacks CARRs victims included public drinking water systems across several states in the US resulting in damage to controls and the spilling of hundreds of thousands of gallons of drinking water CARR also attacked a meat processing facility in Los Angeles in November 2024 spoiling thousands of pounds of meat and triggering an ammonia leak in the facility CARR has attacked US election infrastructure during US elections and websites for US nuclear regulatory entities among other sensitive targetsppAn individual operating as Cyber1ceKiller a moniker associated with at least one GRU officer instructed CARR leadership on what kinds of victims CARR should target and his organization financed CARRs access to various cybercriminal services including subscriptions to DDoSforhire services At times CARR had more than 100 members including juveniles and more than 75000 followers on TelegramppThe CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems one count of damaging protected computers one count of access device fraud and one count of aggravated identity theft If convicted of these charges Dubranova would face a statutory maximum penalty of 27 years in federal prisonppNoName05716ppNoName was covert project whose membership included multiple employees of The Center for the Study and Network Monitoring of the Youth Environment CISM among other cyber actors CISM was an information technology organization established by order of the President of Russia in October 2018 that purported to among other things monitor the safety of the internet for Russian youthppAccording to the indictment NoName claimed credit for hundreds of cyberattacks against victims worldwide in support of Russias geopolitical interests NoName regularly posted on Telegram claiming credit for its attacks and published proof of victim websites being taken offline The group primarily conducted DDoS cyberattacks using their own proprietary DDoS tool DDoSia which relied on network infrastructure around the world created by employees of CISMppNoNames victims included government agencies financial institutions and critical infrastructure such as public railways and ports NoName recruited volunteers from around the world to download DDoSia and used their computers to launch DDoS attacks on the victims that NoName leaders selected NoName also published a daily leaderboard of volunteers who launched the most DDoS attacks on its Telegram channel and paid topranking volunteers in cryptocurrency for their attacksppThe NoName indictment charges Dubranova with one count of conspiracy to damage protected computers If convicted of this charge Dubranova would face a statutory maximum penalty of five years in federal prisonppppConcurrent with todays actions the US Department of State has offered potential rewards for up to 2 million for information on individuals associated with CARR and up to 10 million for information on individuals associated with NoName Additionally today the FBI CISA NSA DOE EPA and DC3 issued a Joint Cybersecurity Advisory assessing that proRussia hacktivist groups like CARR and NoName target minimally secured internetfacing virtual network computing connections to infiltrate or gain access to operational technology control devices within critical infrastructure systems to execute attacks against critical infrastructure resulting in varying degrees of impact including physical damageppOn July 19 2024 US Department of Treasurys Office of Foreign Assets Control OFAC announced sanctions targeting two CARR members Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for their roles in cyber operations against US critical infrastructure These two individuals were the groups leader and a primary hacker respectivelyppThe FBI Los Angeles Field Office investigated the CARR and NoName cases as part of FBIs Operation Red Circus an ongoing operation to disrupt Russian statesponsored cyberthreats to US critical infrastructure and interests abroadppAssistant US Attorneys Angela Makabali and Alexander Gorin for the Central District of California and Trial Attorney Greg Nicosia of the National Security Divisions National Security Cyber Section are prosecuting these cases Assistant US Attorney James E Dochterman for the Central District of California is handling the forfeiture cases The Justice Departments Office of International Affairs provided significant assistance for both investigationsppAn indictment is merely an allegation All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of lawppFour members of an anticapitalist and antigovernment group that calls for violence against US officials have been arrested for allegedly plotting to attack two US companies with improvised explosive devicesppTwo businessmen are now in custody for allegedly violating US export control and smuggling lawsppMinh Phuong Ngoc Vong 40 of Bowie Maryland was sentenced today to 15 months in prison followed by three years of supervised release for his role in a fraudulent schemeppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
